Chromium: Multiple vulnerabilities
— GLSA 201012-01

Multiple vulnerabilities have been reported in Chromium, some of which may
allow user-assisted execution of arbitrary code.

Affected Packages

Package: www-client/chromium on all architectures
Affected versions: < 8.0.552.224
Unaffected versions: >= 8.0.552.224

Background

Chromium is an open-source web browser project.

Description

Multiple vulnerabilities were found in Chromium. For further
information please consult the release notes referenced below.

Impact

A remote attacker could trick a user into performing a set of UI actions
that trigger a possibly exploitable crash, leading to execution of
arbitrary code or a Denial of Service.

It was also possible for an attacker to entice a user to visit a
specially-crafted web page that would trigger one of the
vulnerabilities, leading to execution of arbitrary code within the
confines of the sandbox, successful Cross-Site Scripting attacks,
violation of the same-origin policy, successful website spoofing
attacks, information leaks, or a Denial of Service. An attacker could
also trick a user into performing a set of UI actions that might result
in a successful website spoofing attack.

Multiple bugs in the sandbox could result in a sandbox escape.

Multiple UI bugs could lead to information leaks and successful website
spoofing attacks.